Configuring HTTPS on a server requires a few steps:
- A valid SSL certificate needs to be installed on the machine serving HTTPS content
- The SSL certificate needs to be bound to the port the server is listening on
- The server needs to have access to the port SSL is configured for
This configuration can be done using standard Windows commands and tools, which is described in detail in the server documentation.
Alternatively, it is possible to use the HTTPS Configurator tool that can perform the required steps in HTTPS configuration.
Use the HTTPS Configurator to:
- Bind an existing certificate to a network port
- Create a self-signed certificate and add it to the certificate store
- Make a URL ACL reservation for a network port
Since the configuration process requires administrative permissions at operating system level, the HTTPS Configurator needs to be started using elevated rights.
When having entered the required network port, press Check to retrieve the current configuration from the operating system.
If the current configuration is not the required configuration, proceed with the following steps:
Select the required certificate to bind to the network port and press Fix it.
To create a self-signed certificate, select the ‘Create a self-signed certificate’ from the certificate drop-down list. Enter the required url to create the certificate for and press Create. This will create a new self-signed certificate and add it to the computer certificate store. After creation, the certificate can be bound to the required network port.
- Select the required account for the URL ACL (Everyone is the least restrictive option) and press Fix it.
Note: since self-signed certificates are not issued by a trusted certificate authority (CA), they are untrusted certificates by default. Therefor, self-signed certificates should only be used to test SSL/HTTPS on the local machine, but should not be used in production environments.
To test an SSL connection from a client computer to the configured server using a self-signed certificate, the certificate needs to be installed in the trusted certificate store on the client computer.
There are a few shortcuts available for the advanced users:
CTRL+SHIFT B - Removes all the existing certificate bindings from the current port
CTRL+SHIFT C - Removes the selected self-signed certificate from the certificate store
CTRL+SHIFT U - Removes all the URL ACL reservations from the current port
The HTTPS Configurator tool comes without support. If you have questions or remarks, please add a comment to this article.